[LINK] IPv6 vs. Human Security [Was Re: smartphone privacy problems]
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Jan 31 17:14:49 AEDT 2011
At 16:29 +1100 31/1/11, Paul Brooks wrote:
>I'm curious - what "natural protections of this nature" are you
>talking about Roger?
>There are no such "natural protections" - not for TXT messages,
>phone calls, even
>driving around.
>Not for IPv4 addresses either - so what 'natural protections' are
>you referring to
>here, that IPv6 is supposed to emulate out-of-the-box?
IPv4 addresses do not enable any party to infer any identifier for
the device that's using the IP-address.
It's possible for a gatherer of data (ISP, marketer, spook-agency,
other eavesdropper) to associate all messages with an IP-address.
But that doesn't in itself associate the stream of messages with any
particular device.
To do so requires access to additional data held by other
organisations, and hence powers and resources. So it isn't done
casually.
There are accordingly 'natural protections' in place, in such forms
as organisational barriers (not least jealousies) and costs. [Legal
protections are out-of-scope for the moment.]
Further, a message-stream to and from a device that connects via one
IPv4-address is not able to be directly associated with
message-streams to and from the same device when it's connected via
other IPv4 addresses.
It may be feasible to achieve that by other means (including content
within the data-streams, e.g. using 'deep packet inspection'), but
that requires capabilities and the investment of resources.
Once again, these are a deterrent, or a 'natural protection'.
IPv6 in its default mode (or whatever adjective it is that Karl wants
me to use) makes an identifier of the device readily computable from
the IPv6-address.
The organisational and costs barriers are removed, and:
(1) every data-stream is directly associable with a device
(2) the multiple data-streams arising from a portable device's
connections over time with multiple sub-networks are directly
associable with one another
So the 'natural protections' are demolished.
Roger:
>>> As things have transpired, one of the following must be true:
>>> - that vital design requirement wasn't recognised; or
>>> - it was recognised but not delivered
>>> Either is a failure by the designers.
Paul:
>Fortunately, neither of these are true. It was recognised, and a
>specification was
>created.
The architecture is seriously flawed, and as a result the
infrastructure is seriously insecure for humans using it.
RFC 4941 is a 2007 retro-fit to mid-late 1990s specs (although,
because of the 'rough working code' norm, it was presumably
implemented by a few players earlier than that).
What are the incentives for RFC 4941 to be implemented?
What's the penetration of RFC 4941 implementations?
If it's 100%, or 100% at least in the countries where individuals are
most at risk, then I do have to pause and consider whether
architecture, infrastructure and principles are as important as I
think they are. If there's no problem 'in practice', and the scale
of the space is vast, then maybe the concerns are 'just academic'.
But if the answers are along the lines of 'don't know', 'can't know',
'no market demand' or 'not very much', then I stand by everything
I've said, and people-at-risk are at much greater risk because of,
let me say it again, actions by engineers who've breached their
professional and ethical obligations.
One place I've pursued the fuller argument is here:
Clarke R. (1988) 'Economic, Legal and Social Implications of
Information Technology' MIS Qtly 12,4 (December 1988) 517-9,
PrePrint at
http://www.rogerclarke.com/DV/ELSIC.html
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
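
Added example, not part of the original message: a short Python audit that shows the point made above about default (modified EUI-64) IPv6 addresses, namely that the interface's MAC address can be computed from the address and is the same on every sub-network, whereas an RFC 4941 style randomised address yields nothing. The addresses, prefixes and function names are constructed for illustration.

```python
import ipaddress

def embedded_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits = interface ID
    # Modified EUI-64 inserts ff:fe between the two halves of the 48-bit MAC.
    # A random interface ID matches this pattern by chance about 1 time in 65536.
    if iid[3:5] != b"\xff\xfe":
        return None
    # The universal/local bit (0x02) of the first octet is inverted; flip it back.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Group addresses by embedded MAC; those with no embedded MAC go under None."""
    groups = {}
    for a in addresses:
        groups.setdefault(embedded_mac(a), []).append(a)
    return groups

# Constructed sample addresses in the 2001:db8::/32 documentation prefix.
SAMPLE = [
    "2001:db8:aaaa:1:0211:22ff:fe33:4455",  # sub-network A, EUI-64 derived
    "2001:db8:bbbb:7:0211:22ff:fe33:4455",  # sub-network B, same device
    "2001:db8:aaaa:1:3c9e:51d2:7a40:b6f1",  # randomised interface ID
]

if __name__ == "__main__":
    for mac, addrs in audit(SAMPLE).items():
        label = mac or "no stable identifier found"
        print(f"{label}: {len(addrs)} address(es)")
        for a in addrs:
            print(f"    {a}")
```

Run against a host's own configured addresses, this kind of check shows whether it is still exposing EUI-64 derived addresses or is using temporary ones.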